February 23, 2009
By Kevin G. Coleman, Certified Management Consultant and Strategic Advisor with the Technolytics Institute
No it is not related to the stimulus or the bail out. It is the estimated dollar loss that Dennis C. Blair, the Director of National Intelligence referenced in the Annual Threat Assessment of the Intelligence Community for the Senate Select Committee on Intelligence for intellectual property and data theft in 2008 for businesses globally. The methods, tools, techniques, technologies and motivations are all there to place your sensitive corporate data at risk.
Today corporate espionage is less cloak-and-dagger and more bits and bytes. All organizations in the public and private sectors must identify their sensitive information and treat it as such. Information such as R&D projects, business processes, personnel files, customer lists, patent work, market plans, business strategies, and even price lists should be identified as “sensitive”. Appropriate procedures and guidelines must be established in order to safeguard this asset whether in the physical form or stored digitally. Hacking of companies’ systems is the most modern approach to stealing intellectual property, but many data thefts still occur the old fashioned way, by sneaking into a company’s offices and making off with sensitive information.
Business travelers should be extra careful! You have to be very naïve to believe they have privacy and security in their hotel rooms. Today, an estimated 57 countries are believed to have substantial espionage program in place and very active. It is not uncommon for foreign governments, intelligence agencies and even corporations to bug hotel rooms or even enter the hotel rooms of business travelers and steal information they feel is of value.
However, not all threats are from outsiders. Organizations need to realize that the vast majority of data theft is done by or with the assistance of insiders. Research conducted by Spy-Ops suggests that between five and eight percent of employees surveyed said that they have accessed areas of their company’s IT system they shouldn’t have. Implement background checks and drug testing for all employees on a pre-employment basis are critical to mitigating this threat. When you couple background checks with random checks for all existing employees you will have a significant reduction in corporate espionage.
Organizations in the public and private sector need to take the threat of corporate espionage and intellectual property and data seriously. Failure to do so can and will have serious consequences!
INTEL: Dumpster diving still yields a treasure trove of sensitive information. Many times those yellow Post-It Notes contain complex passwords written on them and they end up in the under the desk garbage cans and thrown out in general trash.
INTEL: Statistics prove that insider attacks cause the most damage. An estimated 70% of espionage activities causing at least $20,000 of damage are the direct result of malicious insiders.
CASE: February 2009. Microsoft (News - Alert) has filed a lawsuit against a former employee for stealing important files from the company. According to reports, the former employee joined Microsoft with the intent of procuring confidential documents that could help win an intellectual property case against the software giant.
Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more of Kevin’s articles, please visit his columnist page.
Edited by Greg Galitzine